Re: [Networker] DMZ backup not working
2005-12-09 07:01:11
Anuj Mediratta wrote:
> Hi,
> 1. NAT should be disabled.
> 2. For communication, you should open all ports irrespective of any
> calculations - 10001-30001.
> 3. Configure these selected ports in the networker window by selecting
> the same for the given client. Options->configure ports.

I don't like doing this, but this is the second time in recent days that
I have had to advise someone to ignore advice from this user, on the
grounds that it is totally wrong.
The port range from 10001 to 30001 is a range of SOURCE ports, not
destination ports. Most (possibly all?) firewalls don't filter on source
ports so in most (all?) cases it is NOT necessary or even useful to open
this port range.
Here is my own summary of port usage for firewall backups:
(1) The service port range setting on the client needs to be 7937-7938
(2) The service port range on the server - adjust to taste based on
all the other info supplied from various sources. Leave it as the full
range if you are allowed.
(3) Connection ports - unless your firewall is doing filtering based
on source ports there is no need to mess with it, just use the defaults.
(4) There is no need to open up connection ports in the firewall,
even at 7.1.x. Connection ports are SOURCE ports.
(5) If you run nsrports on the NetWorker server to modify a port
range you MUST restart NetWorker. I have not seen this documented
anywhere and this wasted several days of my time. I only discovered this
by guesswork. I am not sure whether the same applies for clients, I
think not. I don't know whether or not it applies to storage nodes.
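
The port model in the reply above, as an added example (not code from the original post or from NetWorker): a small audit of firewall allow-rules that filter on destination port only. The rule format, the zone names and the server service range 7937-9936 are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dport_lo: int
    dport_hi: int

# Service (listening) ports per zone. The client range is from the post; the
# server range is an assumed value (the post says "adjust to taste").
SERVICE_PORTS = {"dmz_client": (7937, 7938), "server": (7937, 9936)}
# Connection ports are SOURCE ports (points 3 and 4 of the post).
CONNECTION_PORTS = (10001, 30001)

def overlap(a, b):
    """Return the overlap of two inclusive (lo, hi) ranges, or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def audit(rules):
    """Label each rule by whether its destination ports hit a service range."""
    verdicts = []
    for r in rules:
        want = (r.dport_lo, r.dport_hi)
        hit = overlap(want, SERVICE_PORTS[r.dst_zone])
        verdicts.append("unnecessary" if hit is None else
                        "needed" if hit == want else "partly needed")
    return verdicts

def allowed(rules, src_zone, dst_zone, sport, dport):
    """Destination-port filter: sport is deliberately never consulted."""
    return any(r.src_zone == src_zone and r.dst_zone == dst_zone
               and r.dport_lo <= dport <= r.dport_hi for r in rules)

def backup_flows_ok(rules):
    """True if both directions pass from either end of the connection range."""
    return all(allowed(rules, s, d, sport, SERVICE_PORTS[d][0])
               for s, d in (("server", "dmz_client"), ("dmz_client", "server"))
               for sport in CONNECTION_PORTS)

RULES = [  # constructed sample rule set
    Rule("server", "dmz_client", 7937, 7938),
    Rule("dmz_client", "server", 7937, 9936),
    Rule("server", "dmz_client", 10001, 30001),  # the advice being disputed
]

if __name__ == "__main__":
    for rule, verdict in zip(RULES, audit(RULES)):
        print(f"{verdict:14} {rule}")
    print("backups pass without rule 3:", backup_flows_ok(RULES[:2]))
```

The third rule changes nothing for the backup flows; its only effect is to expose destination ports 10001-30001 on the DMZ client.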